External risk intelligence

Zeon Academy Pro lets attackers steal or change your data

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2025-41029

An external attacker can exploit a flaw in Zeon Academy Pro to view, modify, or delete sensitive information in the company database. This access allows the attacker to steal user records or take over accounts, resulting in a loss of critical business data and operational control.

3Halo Surface Signal

SQL Injection

External exposure likelihood

Halo Surface Signal score for CVE-2025-41029

The vulnerability resides in a file within a /private/ directory, suggesting it is likely intended for restricted or internal use. While it is a network-accessible web application endpoint, the specific path implies it is not inherently designed for public internet exposure, though it remains a possible target if the web server is reachable from the internet.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in Zeon Academy Pro allows unauthorized modification, creation, or deletion of database content. This issue arises from improperly handled user input in a specific web request. Teams should pay close attention due to the potential for significant data manipulation.

  • Can affect any database data.
  • Allows control over application data.
  • Network accessible without authentication.

Attack Path

How an attacker could exploit the issue

This SQL injection vulnerability in Zeon Academy Pro can be exploited by any unauthenticated attacker. The attacker would send a specially crafted POST request to the `/private/continue-upload.php` endpoint, targeting the `phonenumber` parameter to manipulate the database. This could allow them to read sensitive data, create new records, or even delete existing ones, effectively compromising the academy's data integrity.

  • Unauthenticated network access
  • Targets `/private/continue-upload.php`
  • Uses `phonenumber` parameter

Live Threat

Current exploitation, exposure, and threat context

Attackers may find this SQL injection vulnerability appealing due to its potential for broad data manipulation, allowing retrieval, creation, update, and deletion of databases. The vulnerability is directly exploitable via a POST request using a specific parameter, indicating a straightforward attack vector. However, the presence of this endpoint in a '/private/' directory suggests it might not be readily exposed to the public internet, which could limit its immediate weaponization potential.

  • No observed KEV listing.
  • Public exploit is not confirmed.
  • Recency signal is unclear.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize actively blocking network traffic to `/private/continue-upload.php` on affected systems. Teams should focus on identifying and isolating any instances of Zeon Academy Pro to prevent potential data exfiltration or manipulation through the identified SQL injection vulnerability.

  • Inspect logs for POST requests to `/private/continue-upload.php`.
  • Block network access to the vulnerable endpoint.
  • Isolate affected systems if immediate patching is impossible.

Frequently asked questions

What is Zeon Academy Pro and what is it used for?

Zeon Academy Pro is a software product developed by Zeon Global Tech. While the specific use cases are not detailed in the provided context, the mention of database manipulation and an upload-related endpoint suggests it might be used for managing educational data, student records, or academy-related administrative functions.

What kind of weakness does CVE-2025-41029 represent?

CVE-2025-41029 is a SQL injection vulnerability, classified as CWE-89. This type of weakness occurs when an application does not properly sanitize user input before including it in SQL queries, allowing attackers to execute unintended SQL commands.

How can an attacker exploit the CVE-2025-41029 vulnerability?

An attacker can exploit this vulnerability by sending a specially crafted POST request to the `/private/continue-upload.php` file, specifically targeting the 'phonenumber' parameter. This method allows for database manipulation, but it does not trigger if requests are not sent via POST or if the 'phonenumber' parameter is not included.

Who should be concerned about CVE-2025-41029?

Organizations running Zeon Academy Pro should be concerned. Halo Surface Signal indicates this vulnerability has a 'Possible' exposure level, suggesting it could be targeted by attackers if the web server is reachable from the internet, even though the affected file is within a '/private/' directory.

What is the first step to address this vulnerability?

The immediate first step for those running Zeon Academy Pro is to inspect logs for any POST requests made to the `/private/continue-upload.php` endpoint. If possible, blocking network access to this specific file should be prioritized to prevent exploitation.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified